Tech —

UPnP approved as ISO standard

The UPnP communication protocol has received official status as a standard …

Although its been a widely-available (and widely-used) standard for years, the UPnP (Universal Plug and Play) standard and 76 specific UPnP fixes received official international standard status late last week. In an overwhelming approval vote, the International Standards Organization/International Electrotechnical Commission Joint Technical Committee 1 (ISO/IEC JTC 1) voted to recognize UPnP as an official standard of the body.

On the one hand, this is an almost anticlimactic turn of events, considering just how many devices support UPnP, but standard recognition has always been considered an important milestone for any product or service, and this is no exception. For those of who you aren't familiar, UPnP is a descendant of the PnP (Plug and Play) technology that first debuted in Windows 95. Like the more simple PnP, UPnP was specifically developed to allow for seamless connectivity between a vast variety of devices, computers, and operating systems over virtually any type of connection.

Just as PnP suffered some growing pains (earning itself the nickname Plug-n-Pray in the process), UPnP's initial deployment wasn't exactly smooth. Soon after it was deployed as a feature in Windows XP, multiple critical flaws were discovered in XP's UPnP implementation. Microsoft addressed these issues via security updates, but the notion that UPnP "autoconfiguration" could be insecure still persists among some geeks. As The Inquirer points out, UPnP's technology has been exploited in the past to allow virus propagation, the standard hasn't exactly standardized the printer driver market, and many devices still ship with UPnP service deactivated due to security concerns with the protocol itself.

UPnP's goal of allowing a wide variety of devices to communicate seamlessly over a network is obviously an important one given the growing emphasis many devices place on point-to-point connectivity. Speaking generally, device vendors still seem to have questions regarding the security of UPnP—hopefully formal recognition of the protocol as a standard will provide a firm footing to speed development of the security measures needed to close any loopholes that still exist within the protocol.